main.yml

- name: Install dovecot
  pacman: name=dovecot,pigeonhole state=present

# FIXME: check directory permissions
- name: Create dovecot configuration directory
  file: path=/etc/dovecot state=directory owner=root group=root mode=0755

- name: Create dhparam
  command: openssl dhparam -out /etc/dovecot/dh.pem 4096 creates=/etc/dovecot/dh.pem

- name: Install dovecot.conf
  template: src=dovecot.conf.j2 dest=/etc/dovecot/dovecot.conf owner=root group=root mode=0644
  notify:
    - reload dovecot

- name: Add vmail group
  group: name=vmail gid=5000

- name: Add vmail user
  user: name=vmail uid=5000 shell=/usr/bin/nologin group=vmail

- name: Install PAM config
  copy: src=pam.d.dovecot dest=/etc/pam.d/dovecot mode=0644 owner=root group=root

- name: Create dovecot sieve dir
  file: path=/etc/dovecot/sieve state=directory owner=root group=root mode=0755

- name: Install spam-to-folder.sieve
  copy: src=spam-to-folder.sieve dest=/etc/dovecot/sieve/ mode=0644 owner=root group=root
  notify:
    - run sievec

- name: Create ssl cert
  include_role:
    name: certificate
  vars:
    domains: ["{{ mail_domain }}"]

- name: Install dovecot cert renewal hook
  template: src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/hook.d/dovecot owner=root group=root mode=0755

- name: Start and enable dovecot
  service: name=dovecot enabled=yes state=started

- name: Open firewall holes
  ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
  with_items:
    - imaps
    - managesieve
  when: configure_firewall
  tags:
    - firewall

- name: Install systemd timers
  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
  with_items:
    - dovecot-cleanup.timer
    - dovecot-cleanup.service

- name: Activate systemd timers
  systemd:
    name: "{{ item }}"
    state: started
    enabled: true
    daemon_reload: true
  with_items:
    - dovecot-cleanup.timer